soarecostin / file-vault Goto Github PK

Trying to upload enc files on s3 and retrieving them to create a signed url for the response to an API to access them from s3.
What i have achieved so far is :

Files are being uploaded to s3 as (.enc) even if i use streamDownload and decrypt file , saves it, it's working perfectly.

1- I am trying to get a singed url for a file that will return to api response , which is i am getting correctly using :
$command = $client->getCommand('GetObject', [ 'Bucket' => $bucket, 'Key' => **FileVault::disk('s3')->decrypt($key),** ]); $request = $client->createPresignedRequest($command, '+20 minutes'); $presignedUrl = (string)$request->getUri();
It is working fine if i put path of a normal file to key but when i try to decrypt it as well it says :

"message": "Found 1 error while validating the input provided for the GetObject operation:\n[Key] must be a string or an object that implements __toString(). Found object(SoareCostin\FileVault\FileVault)",

If you could guide me @soarecostin . Bundle of thanks already for this wonderful package.

I'm trying to install on Laravel 9 but I'm stuck, it seems incompatible. Someone are using on v10?

As far as I see from the package, files are decryptable by admin of the app. Is it possible to encrypt and decrypt files with user's private key?

$crypt = new FileEncrypter(config('file-vault.key'), config('file-vault.cipher'));
$crypt->encrypt('local-path', 's3://bucket-name/path');

It working in my case.

Hi guys,

I use file-vault to encrypt and decrypt files on my app and I'm using streamDecrypt inside streamDownload method to download those encrypted files.

This method works like a charm in desktop but in mobile the file downloaded is a .html file with random characters inside. What can I do to fix this issue?

I tried in Android 10 with Edge, Chrome and Native Xioami Browser.

Sorry for my english BTW.

Hi @soarecostin , thank you for the great library.

I noticed in my app that sometimes I had decryption errors on files from s3, but trying the same operation on the same file some seconds later would suggest.

I noticed that the FileEncrypter has a check in place to handle different chunk sizes received from s3:

// Because Amazon S3 will randomly return smaller sized chunks:
// Check if the size read from the stream is different than the requested chunk size
// In this scenario, request the chunk again, unless this is the last chunk
if (strlen($ciphertext) !== 16 * (self::FILE_ENCRYPTION_BLOCKS + 1)
    && $i + 1 < $numberOfChunks
) {
    fseek($fpIn, 16 + 16 * (self::FILE_ENCRYPTION_BLOCKS + 1) * $i);
    continue;
}

I added some custom logs and noticed that the bug always happens while trying to decode the last block. Could it happen when S3 return the last chunk with a wrong size? There doesn't appear to be any checks in place to detect (and fix) such an occurrance.

I will try to fix the issue and submit a pull requests in case of success

I have implemented a system with keys and hooked up to S3. Most of the time it works like a dream, files will upload, encrypt and then my queue sends it to S3. Downloading uses stream decrypt, just as the docs mention.

Occasionally though, I'll have a file which when i download through streamDecrypt will just do nothing. I can't get any kind of error message out of it either. If I upload the exact same file and try downloading that, it will work. But that original one doesn't.

Looking in S3, it did successfully upload, the file size is correct on each upload of the same file, but some download and others dont. It has me really stumped.

How might i get some kind of debug info out of the streamDecrypt so I can find out why some files it just doesn't like?

Here's my download script:

$path = $file->file_url.$file->file_name.'.enc';
if (Storage::disk('s3')->has($path)) {
return response()->streamDownload(function () use($path, $encryptionKey) {

	if($encryptionKey){ // it will use the default encryption key if doc-library
		FileVault::disk('s3')->key($encryptionKey)->streamDecrypt($path);
	}else{
		FileVault::disk('s3')->streamDecrypt($path);
	}

}, $file->file_name, array(
	'Content-Type' => str_replace('-', '/', $file->mime) // mime stored in db as example: 'image-jpeg'
));

}else{
echo 'File not found';
}

Thanks

I'm trying to install on Laravel 9 but I'm stuck, it seems incompatible. Someone are using on v9?

- Root composer.json requires soarecostin/file-vault ^1.2 -> satisfiable by soarecostin/file-vault[v1.2.0].
- soarecostin/file-vault v1.2.0 requires illuminate/support 5.8.* || 6.*.* || ^7.0 || ^8.0 -> found illuminate/support[v5.8.0, ..., 5.8.x-dev, v6.0.0, ..., 6.x-dev, v7.0.0, ..., 7.x-dev, v8.0.0, ..., 8.x-dev] but these were not loaded, likely because it conflicts with another require.

Looks like all of the recent pull requests to this repository are failing at the same Travis stage as the --prefer-lowest flag on PHP 7.3 fails.

This seems independent of the requests themselves, but rather it is caused by some other dependency.

https://travis-ci.com/github/soarecostin/file-vault/jobs/489032519

Hi @soarecostin,

I would like to know which approach is the best for my question?

Thanks in advance.

Cheers.

Hello, what i am doing is basically i am uploading files on s3 as encrypted , it's working fine but when i tried to decrypt any specific file and create a presignedUrl (which i get and is accessible) and then i created a job to run after a while to again encrypt that specific file , jobs gets failed and it throws me this error :
Error: Call to undefined method League\Flysystem\Adapter\Local::getClient() in /vendor/soarecostin/file-vault/src/FileVault.php:192
Stack trace:

Sometime it works but most of time not. If someones guide me regarding this.
My code is as follow :
To create a url :
$presignedUrl=$client->getAwsTemporaryUrl($client->getDriver()->getAdapter(), $key, now()->addSeconds(15), []);

To decrypt the file again :
EncryptAttachment::dispatch($key1) ->onQueue('queue4') ->delay(now()->addSeconds(15));
and also i am specifying my disk as well in that job as well FileVault::disk('s3')->encrypt($this->key);

cannot open the file

I cant download / find the image once uploaded.

For testing purposes made the file public and if manually type the url into the browser it downloads the file, so it's there.

$file = 'https://media.xxxxxxx.com/development/verification/3729828c-4d69-11ec-866b-7f65ebec3fd0/0611fdf9-70e4-4b3f-b33c-bc430fa6d48c.jpg.enc';

    if (!\Storage::disk('spaces')->has($path)) {
        return 'File not found';
    }

Always never found

exception: "Illuminate\Contracts\Filesystem\FileNotFoundException"
file: "/laravel/framework/src/Illuminate/Filesystem/FilesystemAdapter.php"
line: 159
message: "File not found at path: https:/media.xxxxxxxxx.com/development/verification/3729828c-4d69-11ec-866b-7f65ebec3fd0/0611fdf9-70e4-4b3f-b33c-bc430fa6d48c.jpg.enc"

But other than not finding the file, how can I view the image. The encrypted files are all images so basically the user uploads 3 images, it get encrypted, admin needs to review these images so they need to see it on the admin section of the site. How is this possible?

I do not want to download the image in the browser, simply pull the encrypted file, decrypt it and return a base_64 image to the browser in an API json response?

I want change key and disk to dynamically.
Effect to FileVault/constructor and FileVaultServiceProvider/register.
A few modifications will improve many conveniences.

Hey @soarecostin,

I encrypt my uploaded files with a custom key and save the key in a separate database (per file one key).
But I can't decrypt my files.
Am I missing something or am I just too stupid?

Thanks in advance.

When streaming the response from an S3 instance (DigitalOcean Spaces, using S3 driver), the disk is ignored and FileValue attempts to ready directly from the local disk:

        $encFilePath = $tomeUser->tome->id . '/' . $image->filename . '.enc';

        // Return the Image
        return response()->streamDownload(function () use ($image, $tomeUser, $encFilePath) {
            return FileVault::key($tomeUser->tome->key)
                ->disk('spaces')
                ->streamDecrypt($encFilePath);
        }, $image->filename);

As you can see in the log file, FileVault is using fopen() in my local directory:

[2020-12-26 14:24:19] local.ERROR: fopen(1/1608990767-5fe7402fa827b.png.enc): failed to open stream: No such file or directory {"userId":1,"exception":"[object] (ErrorException(code: 0): fopen(1/1608990767-5fe7402fa827b.png.enc): failed to open stream: No such file or directory at /Users/{name}/sites/{project}/vendor/soarecostin/file-vault/src/FileEncrypter.php:181)
[stacktrace]
#0 [internal function]: Illuminate\\Foundation\\Bootstrap\\HandleExceptions->handleError(2, 'fopen(1/1608990...', '/Users/{user}/...', 181, Array)
#1 /Users/{user}/sites/{project}/vendor/soarecostin/file-vault/src/FileEncrypter.php(181): fopen('1/1608990767-5f...', 'r', false, Resource id #13)
#2 /Users/{user}/sites/{project}/vendor/soarecostin/file-vault/src/FileEncrypter.php(128): SoareCostin\\FileVault\\FileEncrypter->openSourceFile('1/1608990767-5f...')
#3 /Users/{user}/sites/{project}/vendor/soarecostin/file-vault/src/FileVault.php(161): SoareCostin\\FileVault\\FileEncrypter->decrypt('1/1608990767-5f...', 'php://output')
#4 /Users/{user}/sites/{project}/app/Http/Controllers/ImageController.php(73): SoareCostin\\FileVault\\FileVault->streamDecrypt('1/1608990767-5f...')
#5 /Users/{user}/sites/{project}/vendor/symfony/http-foundation/StreamedResponse.php(109): App\\Http\\Controllers\\ImageController->App\\Http\\Controllers\\{closure}()
#6 /Users/{user}/sites/{project}/vendor/symfony/http-foundation/Response.php(394): Symfony\\Component\\HttpFoundation\\StreamedResponse->sendContent()
#7 /Users/{user}/sites/{project}/vendor/laravel/framework/src/Illuminate/Support/HigherOrderTapProxy.php(34): Symfony\\Component\\HttpFoundation\\Response->send()
#8 /Users/{user}/sites/{project}/public/index.php(53): Illuminate\\Support\\HigherOrderTapProxy->__call('send', Array)
#9 /Users/{user}/.composer/vendor/laravel/valet/server.php(214): require('/Users/{user}/...')
#10 {main}
"} 

I am uploading encrypted files to s3, and when i try to decrypt them sometimes it worked but sometimes it doesnt and without changing anything, not sure where issues lies and it says :
"message": "Decryption failed", "exception": "Exception", "file": "/var/www/pms6_auth/vendor/soarecostin/file-vault/src/FileEncrypter.php", "line": 152,

Using the code doesn't download the file.

       return
            response()->streamDownload(function () use ($decFilename) {
                FileVault::disk('s3')->streamDecrypt($decFilename);
            }, Str::replaceLast('.enc', '', basename($decFilename)));

I keep getting the error ** Failed to open stream: No such file or directory** meanwhile the upload to bucket works and the file is actually there in the bucket. Using Local bucket, it works fine but doesn't work with the s3 driver.